A guide to Docker container networking

Despite all the hype about containers, the application packaging technology is still evolving, especially as it relates to networking.

In the past year, though, there have been significant advancements to Docker container networking functionality. At the same time, Docker has built a plug-in architecture that allows more advanced network management tools to control containers.

Meanwhile, startups have developed custom platforms for managing containers, while traditional vendors such as Cisco and VMware have enabled their network management tools to control containers. So, the earliest container networking challenges are beginning to be solved, but there’s still more work to be done.

There have always been container networking issues. Containers hosted on the same physical server can interact with one another and share data. But Docker developers didn’t initially build in the ability to migrate a container from one host to another, or connect one container to another on a different host.

“The biggest challenges have been in cross-container communications,” says Keith Townsend, a technology analyst and blogger. “From one container to another, that’s the biggest frustration that most networking professionals will encounter.”

Engineers at Docker, the company that develops the open source project of the same name, quickly realized they needed to fix this.

Batteries included, but swappable

The networking issues led Docker in March 2015 to buy startup SocketPlane, which aimed to bring software-defined networking capabilities natively to Docker. In June, Docker announced the integration of SocketPlane technology into the open source project. New networking capabilities use basic Linux bridging features and VXLANs (virtual extensible LAN) to allow containers to communicate with other containers in the same Swarm, which is Docker's moniker for a cluster of containers. Container networking across hosts had been solved.

At the same time, Docker also released libnetwork, the codename for an open source project that allows third-party network management products to be "plugged in" to replace the built-in Docker networking functionality. Virtual networking products like VMware's NSX, Cisco's ACI and more than a half-dozen others were the first supported third-party network tools.

"It sets up an abstraction," says Docker Senior Vice President of Product Scott Johnston. "It's a Layer 3 network overlay that allows containers to be attached to it."

Docker now has two flavors of network management. There is native, out-of-the-box functionality supplied by Docker thanks to the SocketPlane acquisition that allows for networking across hosts. If users want more advanced network functionality - such as spinning up new networks programmatically, setting network policies, installing firewalls, load balancers or other virtual apps on the network - then a variety of network management products can be used. Docker calls its approach "batteries included, but swappable." Johnston says he hopes to have a similar plug-in model for container storage soon too.

Technology is the easy part

Johnston says these technology capabilities are the easy part. Getting developers that build apps in containers and the IT shop who will run them on the same page is an even bigger challenge.

Containerized apps have very different characteristics from traditional enterprise apps. Whereas in the past IT’s goal was to provide resilient systems that would not fail, now the priority is to provide instant-on capacity and agile, flexible networks.

“From a networking perspective, application delivery and performance is tied to how well the network infrastructure is able to support these new apps and use cases,” says Ken Owens, CTO of Cisco’s Cloud Infrastructure Services. “The role of the network engineer is to think about how things like programmable networking and software defined networking, network function virtualization can help.”

These tools allow for the automatic provisioning of network resources – instead of manual provisioning – which could soon be table-stakes requirements for organizations that truly embrace these new application paradigms.

This story, "A guide to Docker container networking," was originally published by Network World.

Senior Writer Brandon Butler covers the cloud computing industry for Network World by focusing on the advancements of major players in the industry, tracking end user deployments and keeping tabs on the hottest new startups. He contributes to NetworkWorld.com and is the author of the Cloud Chronicles blog. Email him at bbutler@nww.com and follow him on Twitter @BButlerNWW.

A Guide to Jumpstarting Technology

Putting a technology plan in place today will help ensure your growth tomorrow

Technology evolves at breakneck speed, and it plays an increasingly important role in the success of all types of businesses, regardless of size. Any new business should include a technology blueprint as an integral part of its start-up plan; every existing business should adopt such a plan if it doesn’t already have one; and all businesses should revisit their technology plans on a regular basis. This guide looks at the components to include in a technology plan, best practices for designing and implementing it, and the advantages and benefits it can provide.

The best time to develop a comprehensive technology plan is during the start-up phase of a new business, but it’s never too late for any company to assay its technology needs and begin formulating a comprehensive strategy to address them now and well into the future.

A Path to Ubiquitous, Any-to-Any Video Communication

Open Visual Communications Consortium

Any Vendor. Any Network. Any Device.

Over the last several years, great strides have been made to improve video communication capabilities in the industry. Video over IP network technology has made video easier and faster to deploy. HD quality is now commonplace in video systems and clients. Management and infrastructure solutions deployed in enterprises and organizations have enabled video networks to be established and custom dial plans implemented, enabling a rich set of visual communication experiences for users within those organizations. As a result, video adoption has increased across enterprises and organizations around the world.

However, with growth have also come challenges. Those challenges have been most keenly experienced where enterprises or organizations have desired to have video communications across organizational boundaries. With voice and Internet traffic, one does not ponder how a network is connected because "it just works" when one makes a call or accesses websites outside an end-user domain.

With video, the opposite has been true. Typically, end users only communicate via video within their own organization. When communicating with outside parties, they often have to use awkward dial strings, and/or engage in manual planning and testing over the public Internet to have a video call. Even then a successful call can only be established if the IT departments of both companies have security or firewall policies that will allow the video call to take place to parties outside their organization. The customer may choose to use a managed or hosted video service provider to help facilitate that communication; however, this only moves the problem to the service provider, which goes through a manual process to plan, test, and validate that the desired far-end parties are reachable. Both end users and service providers must deal with a wide variety of technical issues when establishing video between different organizations or different service providers. These issues include network connections, network quality of service (QoS), NAT/firewall traversal, security policies, various signaling protocols, inconsistent dial strings, security rules within each organization impacting video, and incompatibilities between video endpoints. In addition, there are the operational considerations around coordination of the different types of management and scheduling systems and processes that exist within each service provider. Finally, the commercial considerations of termination and settlement between service providers must also be resolved.

This combination of technical and business challenges has relegated video communication to a collection of isolated islands. It’s easy to communicate within an island, but almost impossible to communicate between islands. The ability to resolve these issues and federate the islands doesn’t lie within the power of any one customer, one equipment manufacturer, one service provider, or even one standards body to solve. It requires a concerted effort of the industry driven by the needs of their end users.

The Open Visual Communications Consortium (OVCC) has been formed to address these issues. The mission of the OVCC group is to establish high-quality, secure, consistent, and easy-to-use video communication between these video "islands," thereby enabling a dramatic increase in the value of video communication to end customers worldwide.

This paper describes the OVCC organization, its purpose, and how it is addressing the B2B communications challenges and enabling businesses to open the door to faster decision-making, easier, more productive collaboration with partners and customers, streamlined supply chain management, and game-changing applications in education, healthcare, government and business.

A tale of two women: same birthday, same Social Security number, same big-data mess

The odds are higher than you might think, one company says

It’s a case that would seem to defy the odds many times over: Two Florida women born on the same day, in the same state, and given almost the same name. Though no one realized it at the time, it turns out they were also given the same Social Security number.

Joanna Rivera and Joannie Rivera only recently discovered the problem, according to a report this week, but in the meantime it’s caused no end of trouble for them. Credit applications have been denied; tax returns have been rejected.

Identity theft might have been a likely assumption, but in this case, it was something different.

After 25 years of confusion, the Social Security Administration reportedly has admitted its mistake at last: In 1990, two Florida hospitals created the same record for two babies with similar first names, the same last name and the same date of birth, and the administration gave them both the same Social Security number.

It’s not as uncommon as you might think. In fact, some 40 million SSNs are associated with multiple people, according to a 2010 study by ID Analytics.

Some, as in the Rivera case, are innocent mistakes caused by data-entry errors or bad handwriting, said Ken Meiser, vice president of identity solutions at ID Analytics.

Others are “what we call identity manipulation,” whereby someone with a shaky credit history makes subtle changes to their identity so it’s not connected with their history, he said.

Then, of course, there’s impersonation by someone who either isn’t qualified for a SSN of their own or is trying to assume a different identity for other reasons.

Cases like that of the Rivera women are “really rare,” Meiser said. Nevertheless, “the question becomes, how do you build algorithms or recognize who is the legitimate owner of that SSN?”

Except in rare circumstances, the SSA is prohibited from trying to do that kind of verification, he said. So, it’s generally up to companies like ID Analytics or credit bureaus to serve that purpose.

“If you’re one of the folks who has had that duplication, it creates issues,” Meiser said. “It’s a really interesting challenge for everybody involved.”

In hindsight, the fact that two individuals were simultaneously asserting similar credentials but not living in exactly the same place might have been a tip-off, he said. “Both address A and address B were in play,” he said. “It probably should have triggered at least some concern.”

Also notable is the fact that the Internal Revenue Service didn’t raise a flag, since it presumably was getting W-2 forms from two different employers for somebody who was apparently holding two jobs but didn’t live in the same place, he said.

“When designing software, developers try to take into account all of the possible scenarios,” said Travis Smith, a security analyst with Tripwire. “However, humans are fallible,” and that can trip up otherwise well-designed software.

In any case, it’s an illustration of why it’s important for consumers to use due diligence. They can do it with free credit reports or identity protection services such as LifeLock, which is the parent company of ID Analytics.

“You should be reviewing those reports to see if there’s activity associated with your identity that you don’t recognize,” he said. “Either of these women could probably have seen the problem earlier if they had been doing that.”

The Social Security Administration did not immediately respond to a request for comment.

Katherine Noyes | U.S. Correspondent

Katherine Noyes has been an ardent geek ever since she first conquered Pyramid of Doom on an ancient TRS-80. Today she covers enterprise software in all its forms, with an emphasis on Linux and open source software.

The dark side of layered security

Sometimes, layered security can have unintended consequences and even make a company less secure than before

Layered security is currently considered a best practice for enterprises, since a single layer of defense against attackers is no longer enough. Sometimes, however, these layers can have unintended consequences and even make a company less secure than before.

Complexity

Jason Brvenik, principal engineer in the Cisco Security Business Group, said that he's seen organizations with as many as 80 different security technologies applied in layers.

"The proliferation of best of breed technologies creates security technology sprawl in pursuit of layered security and defense in depth," he said. "We see plenty of examples and sprawl and operational cost rising, where the technologies tend to conflict with each other."

Security practitioners have been talking about layered security for decades, said Brian Contos, Chief Security Strategist and SVP Field Engineer at Foster City, Calif.-based Norse Corp., a cybersecurity intelligence firm founded by former law enforcement and intel officials.

"While academically this makes sense," he added, "if done incorrectly, it leads to the number one enemy of security: complexity."

Without an overall plan in mind, it's easy to overspend on individual products, to buy overlapping systems, or to leave unsecured gaps between layers.

"It's very common for security organizations to jump at technologies that address 'the monster of the week' but don't have broader value," said Carson Sweet, co-founder and CEO at San Francisco-based CloudPassage, Inc. "Keeping long-term perspective is extremely important, especially with point vendors pounding at security buyers about the latest FUD."

Cisco's Brvenik pointed out another problem with purchasing too many technologies, that of unmanaged or undermanaged systems.

Companies buy a technology in order to meet a compliance need, or fill a security gap, or check off an item on a list, without budgeting or staffing the system's implementation or ongoing management. Then they forget about it, he said.

Not only is this a waste of money, but it actually hurts a company's security posture.

"You're creating opportunities for blind spots, because you think you mitigated that risk, but you haven't maintained a solid presence there," he said.

And even well-managed layers can create problems within an organization, said Jerry Irvine, CIO at Chicago-based security vendor Prescient Solutions.

Different security systems require different kinds of expertise, and the larger the organization, and the more systems there are in place, the more possibilities there are for conflicts -- especially when some of the systems are managed by different companies, such as outsourcers, cloud vendors, or other service providers.

Each security team focuses on its own security task, and this can interfere with that of other groups and with enterprise operations.

"Groups saddled with the responsibility of physical security may tighten down access controls to the point where applications and systems are affected, causing failure or extreme performance issues," Irvine said. "And when separate groups within the organization are responsible for the application they frequently open up access at the lower levels to assure connectivity, but increasing the overall vulnerability of the environment."

In fact, the more security layers are in place, the more likely it is that some will interfere with business operations, said Nathan Wenzler, executive director of security at Washington DC-based Thycotic Software Ltd.

Security products need to be configured; then, once they're in place, they might need ongoing tuning, patching, or other kinds of maintenance. Administrators need to understand how the initial configuration and the subsequent changes might affect business processes, as well as other security systems, he said.

But most organizations only have so much expertise and time to go around.

"There's not enough time to implement them well, and keep managing them well," he said. "That becomes a challenge."

Say, for example, a company decides to use different credentials for different systems as part of its layered defense strategy.

Users are going to try to defeat that by using the same set of credentials for all systems, she said.

At a minimum, a company is going to want a set of credentials to access internal systems and another set of credentials to access email.

Users who use their email address as their account name for internal systems -- and the same password for both -- are creating a major security problem, since it's so easy for outsiders to find out employees' email addresses.

She suggests that enterprises require different formats for user names and passwords to different systems.

"And make sure people understand the reasons you're putting these things in place," she said.

She also warned against credentials that give users access to, say, all the systems within a certain layer.

"Every admin doesn't have to have god rights," she said.

Integration

With each new security layer come integration challenges, where one product might interfere with the functioning of another, or create security policy conflicts.

"Sometimes interactions can have operational consequences," said Fred Kost, VP at Mountain View, Calif.-based security vendor HyTrust Inc. "It's critical for CSOs to test and validate layered security under different attack and load conditions. Clever attackers might use this to render some of an organization's layered security ineffective."

The tendency to buy best-of-breed systems from different vendors can also cause communication problems, forcing security analysts to learn to work with multiple systems instead of having one single view of a company's security situation.

In particular, enterprises have to deal with systems that don't have a common data taxonomy, and trying to correlate data after the fact can lead to gaps in coverage, he said. It also takes more time to deal with false positives and false negatives.

"These layered security challenges are the big problem in the cyber threat detection and mitigation space, and are the root cause of many of the recent breaches," he said. "Often the bad guys are very well aware of these issues and are able to exploit these gaps in the security solutions."

Account Based Marketing (ABM)

Account Based Marketing (ABM) and B2B Sales Support

Posted by: IDG Connect

Contrary to the traditional approach of mass marketing, Account Based Marketing (ABM) is now progressively becoming a part of marketing functions at IT service and solution providers. In order to yield a higher response rate and eventually generate a higher return on investment, the sales and marketing teams of B2B firms must work in harmony. Identifying the business problems and pain points of target accounts is the prime focus for fine-tuning the communication to address their technology challenges. This strategy is practicable for both large and small and medium-sized technology service providers when it comes to generating more business from existing large-sized accounts.

ABM is not confined to winning new projects and harvesting hefty returns. It also aims to build a one-to-one business relationship which is beyond a typical buyer-seller relation. ABM also helps re-connect with past and currently non-active clients. As ITSMA rightly points out, ABM serves as a platform for services providers and clients to give a boost to their business relationship, create awareness and generate demand for solutions. Direct touch with key Decision Making Units (DMU) at target accounts lies at the core of ABM which helps IT companies design winning technology solutions for their clients.

To drive successful ABM programs and improve the conversion ratio, it is essential for the marketing team to understand the departmental goals of the sales team and to collaborate with it. In this case, the marketing team has a major role to play in demand generation activities and calls to action. Having the message content molded to address the technology challenges of either an individual account or a group of target accounts plays a vital role. Thorough research of an account is necessary to service it and treat it like a market. All content, collateral and campaigns, including social media marketing, thought leadership marketing, conference presentations, exhibitions, etc., should ideally cater to the content needs of the account.

Collaterals could be specifically designed with content that answers all the key business problems of an account. The relevant technologies and experiences can then be highlighted in the documents like product collaterals, web pages, domain-brochures, corporate fact sheets, sales presentations, case studies, expo displays, and printed ads etc. This is significant as, for example, a stock-broking company looking for the automation of trading desk operations wouldn’t be interested in looking at Healthcare domain technology solutions. Thus mentioning this information would not benefit the client or the service provider. Sales collaterals which detail Capital Markets as a domain practice, level of experience and relevant case studies showing facts and figures would appeal to the key decision makers of a target account. During sales presentations, more than a film giving a general overview of all domains a solution provider operates in, the buyers would pay more attention to a domain-specific short film inculcating the details they are looking for.

Thought Leadership marketing can help an IT firm position itself as an expert in the industry. If used to target a specific account or a group of buyers, it can help a company build a distinctive image and credibility for buyers. Thought leadership content can be tweaked keeping in mind the needs of a target account by publishing industry insights, research studies, blogs, white papers, case studies, and informative videos etc. which are focused on any particular subject matter. The respect earned as a result of thought leadership marketing activities becomes a plus point at the time of sales pitch.

Engagement of target accounts through websites can give phenomenal results. Dynamic website content which is displayed specifically for different accounts or buyers, can lead to a significant growth in web traffic. DocuSign, a Digital Transaction Management service provider, witnessed a three-fold rise in its page views just by its target accounts.

Another medium for ABM is the new kid on the block – Social Media. Social media is a direct medium which helps IT service providers connect with the rest of the world. Social media should be used to publish posts which talk about the business issues of individual target accounts. For Banking sector accounts, it is appropriate to showcase only those horizontal services which pertain to banking operations.

While the mediums could be traditional or emerging, ABM is here to stay. It is a shift from mass to personalized and therefore, insights will be more useful than facts. Proactive over reactive is the mantra.

Actionable Security Intelligence

The Growing Need for Real-time and Actionable Security Intelligence

Risk management has become an integral factor in many organizations because it prepares them for the worst that could happen. Large enterprise organizations that manage a lot of discrete data and client information must use all their resources to keep this information private and protected. However, security is constantly changing, and the ways that systems are being infiltrated have become more advanced. Download this whitepaper to learn how to properly select the right real-time security option for your organization and to see what actionable security intelligence could offer your organization.
